Hi all

I successfully configured my switches to put nodes in the correct VLAN.
I want to use PacketFence to act as a gateway (and if possible a proxy) for guest internet access.
PacketFence should not allow access to other VLANs.

I set up the guest interface from the web interface.
Then, to reach the internet, I added a routed network, but I'm certainly missing something here. Here is my conf/networks.conf after configuration from the web interface (guest VLAN 2471 with IP range 1.1.1.0/24).
My main LAN is 192.168.1.0, and the internet gateway and DNS are on 192.168.1.2.

[1.1.1.0]
dns=192.168.1.2
dhcp_start=1.1.1.10
gateway=1.1.1.1
domain-name=inline.mydomain.com
named=enabled
dhcp_max_lease_time=10800
dhcpd=enabled
type=inline
netmask=255.255.255.0
dhcp_end=1.1.1.246
dhcp_default_lease_time=3600

[1.1.1.0]
dns=1.1.1.1
next_hop=192.168.1.2
gateway=1.1.1.1
dhcp_start=1.1.1.10
domain-name=vlan-isolation.mydomain.com
named=enabled
dhcp_max_lease_time=10800
dhcpd=enabled
netmask=255.255.255.0
type=vlan-isolation
dhcp_end=1.1.1.249
dhcp_default_lease_time=3600


My interfaces are as follows:

ifconfig
# this is common LAN, with no VLAN
eth0      Link encap:Ethernet  HWaddr 00:00:11:00:00:25
          inet addr:192.168.1.5  Bcast:192.168.255.255 Mask:255.255.0.0
          inet6 addr: fe80::250:56ff:fe8b:225/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:47140193 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1354061 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5090343365 (4.7 GiB)  TX bytes:155680972 (148.4 MiB)

# this is isolation VLAN
eth0.2466 Link encap:Ethernet  HWaddr 00:00:11:00:00:25
          inet addr:1.0.0.1  Bcast:1.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fe8b:225/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:636 (636.0 b)

# this is Mac registration VLAN
eth0.2469 Link encap:Ethernet  HWaddr 00:00:11:00:00:25
          inet addr:1.0.1.1  Bcast:1.0.1.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fe8b:225/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:636 (636.0 b)

# this is registration VLAN
eth0.2470 Link encap:Ethernet  HWaddr 00:00:11:00:00:25
          inet addr:1.2.3.1  Bcast:1.2.3.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fe8b:225/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:535029 errors:0 dropped:0 overruns:0 frame:0
          TX packets:403762 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:45946585 (43.8 MiB)  TX bytes:53511808 (51.0 MiB)

# this is guest VLAN
eth0.2471 Link encap:Ethernet  HWaddr 00:00:11:00:00:25
          inet addr:1.1.1.1  Bcast:1.1.1.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fe8b:225/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:109102 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2277 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6162904 (5.8 MiB)  TX bytes:346791 (338.6 KiB)



With a registered user with the guest role, I am put on the guest VLAN, I receive IP address 1.1.1.10, and the gateway is PF (1.1.1.1). But no packet is forwarded by PF. I started to look at iptables.conf, but as the user is registered, I thought it should work like this.
Do you see where I go wrong?

Thanks for your help

*Alexandre*
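
A consistency check for a networks.conf like the one posted above, added here as an example (it is not part of the original post and not PacketFence code): it reports a network section defined more than once with differing values, and gateway or DHCP addresses that fall outside the section's subnet. The function names and the trimmed sample are constructed for illustration; it assumes each section carries netmask, gateway, dhcp_start and dhcp_end as in the post, and the post does not say how PacketFence itself treats a repeated section.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: trimmed copy of the two sections in the post above.
SAMPLE = """\
[1.1.1.0]
dns=192.168.1.2
dhcp_start=1.1.1.10
gateway=1.1.1.1
type=inline
netmask=255.255.255.0
dhcp_end=1.1.1.246

[1.1.1.0]
dns=1.1.1.1
next_hop=192.168.1.2
gateway=1.1.1.1
dhcp_start=1.1.1.10
netmask=255.255.255.0
type=vlan-isolation
dhcp_end=1.1.1.249
"""

def parse_sections(text):
    """Return [(name, {key: value})], keeping repeated section headers."""
    sections = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections and not line.startswith(("#", ";")):
            key, value = line.split("=", 1)
            sections[-1][1][key.strip()] = value.strip()
    return sections

def check(text):
    """Report repeated sections whose keys disagree and out-of-subnet addresses."""
    findings, by_name = [], defaultdict(list)
    for name, opts in parse_sections(text):
        by_name[name].append(opts)
    for name, copies in by_name.items():
        for key in (sorted(set().union(*copies)) if len(copies) > 1 else []):
            values = [c.get(key) for c in copies]
            if len(set(values)) > 1:
                findings.append(f"[{name}] defined {len(copies)}x, {key} differs: {values}")
        for opts in copies:
            net = ipaddress.ip_network(f"{name}/{opts['netmask']}")
            for key in ("gateway", "dhcp_start", "dhcp_end"):
                if ipaddress.ip_address(opts[key]) not in net:
                    findings.append(f"[{name}] {key}={opts[key]} outside {net}")
    return findings
```

Calling `check(SAMPLE)` returns one finding per key that differs between the two `[1.1.1.0]` sections (dhcp_end, dns, next_hop, type) and no out-of-subnet findings.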
_______________________________________________
PacketFence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users